registry  /  @codeenginestudio/harness-creator  /  2.16.0

@codeenginestudio/harness-creator@2.16.0

CES Harness Creator — install wizard

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package is an explicit Claude Code plugin installer and local harness portal. It mutates Claude plugin configuration and can write harness ledger files only when the user runs its bin commands; no unconsented npm lifecycle attack was found.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `npx @codeenginestudio/harness-creator` or `harness-portal`.
Impact
Warn-level agent extension lifecycle risk: user-approved Claude plugin marketplace setup and local project metadata writes, without confirmed malicious behavior.
Mechanism
First-party Claude plugin setup plus local portal/ledger generation
Rationale
Source inspection shows guarded, user-invoked Claude plugin setup and portal tooling rather than hidden install-time compromise. Because it mutates an AI-agent extension surface, downgrade to warn instead of clean, but do not publish-block.
Evidence
package.jsonscripts/install.mjsscripts/lib/install-utils.mjsscripts/portal.mjsscripts/lib/portal-c4.mjsscripts/lib/portal-ledger.mjsscripts/lib/portal-github.mjsREADME.md~/.claude/plugins/cachedocs/.harness/graph.json.gitignoredocs/architecture
Network endpoints3
127.0.0.1:4000127.0.0.1:5173claude.ai/code

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • scripts/install.mjs is a bin installer that runs `claude plugin marketplace add --scope ... Code-Engine-Studio/ces-harness-creator`.
  • scripts/install.mjs also runs Claude plugin marketplace update and plugin update commands on explicit `update`.
  • scripts/lib/portal-c4.mjs spawns `npx -y likec4 serve` at runtime from the portal command.
  • scripts/lib/portal-ledger.mjs writes `docs/.harness/graph.json` and may append `docs/.harness/` to `.gitignore`.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts; actions are user-invoked bins only.
  • Installer scope is prompted or parsed as user/project; command arguments are fixed constants, not remote data.
  • No credential harvesting or exfiltration logic found; portal-c4 deletes common AI API keys from child env.
  • Portal HTTP server binds to 127.0.0.1 and serves local project state.
  • GitHub integration uses local `gh` CLI to list PRs/runs/issues and degrades when unavailable.
  • No eval/vm/Function, native binary loading, destructive deletion, or persistence beyond documented plugin/harness setup found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
Manifest
NoLicense
scanned 36 file(s), 75.3 KB of source, external domains: 127.0.0.1, claude.ai

Source & flagged code

2 flagged · loading source
scripts/lib/portal-sources.mjsView file
2import path from 'node:path'; L3: import { execFileSync } from 'node:child_process'; L4: import { readFile } from 'node:fs/promises';
High
Child Process

Package source references child process execution.

scripts/lib/portal-sources.mjsView on unpkg · L2
scripts/lib/portal-c4.mjsView file
1// scripts/lib/portal-c4.mjs — lazy `npx likec4 serve` lifecycle + liveness probe + group kill. L2: import { spawn as nodeSpawn } from 'node:child_process'; L3: import { request } from 'node:http';
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

scripts/lib/portal-c4.mjsView on unpkg · L1

Findings

3 High2 Medium4 Low
HighChild Processscripts/lib/portal-sources.mjs
HighShell
HighRuntime Package Installscripts/lib/portal-c4.mjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License